Commit Graph

330 Commits

Author SHA1 Message Date
Senthil Kumaran f82e59ac40
[2.7] bpo-27973 - Fix for urllib.urlretrieve() failing on second ftp transfer (#1040)
* bpo-27973: Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host.

* bpo-35411: Skip test_urllibnet FTP tests on Travis CI.
2019-12-30 21:14:56 -08:00
Miss Islington (bot) 5f2c1345a7
bpo-38295: prevent test_relative_path of test_py_compile failure on macOS Catalina (GH-17636)
(cherry picked from commit bf3aa1060a)

Co-authored-by: Ned Deily <nad@python.org>
2019-12-17 01:16:33 -08:00
Matthew Rollings a016d4e32c [2.7] bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (GH-17418). (#17452)
(cherry picked from commit a62ad4730c)

Co-authored-by: Matthew Rollings <1211162+stealthcopter@users.noreply.github.com>
2019-12-03 10:18:52 -08:00
Victor Stinner e649903303
bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (GH-17345)
The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
expression denial of service (REDoS).

LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar
to parse Set-Cookie headers returned by a server.
Processing a response from a malicious HTTP server can lead to extreme
CPU usage and execution will be blocked for a long time.

The regex contained multiple overlapping \s* capture groups.
Ignoring the ?-optional capture groups the regex could be simplified to

    \d+-\w+-\d+(\s*\s*\s*)$

Therefore, a long sequence of spaces can trigger bad performance.

Matching a malicious string such as

    LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!")

caused catastrophic backtracking.

The fix removes ambiguity about which \s* should match a particular
space.

You can create a malicious server which responds with Set-Cookie headers
to attack all python programs which access it e.g.

    from http.server import BaseHTTPRequestHandler, HTTPServer

    def make_set_cookie_value(n_spaces):
        spaces = " " * n_spaces
        expiry = f"1-c-1{spaces}!"
        return f"b;Expires={expiry}"

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.log_request(204)
            self.send_response_only(204)  # Don't bother sending Server and Date
            n_spaces = (
                int(self.path[1:])  # Can GET e.g. /100 to test shorter sequences
                if len(self.path) > 1 else
                65506  # Max header line length 65536
            )
            value = make_set_cookie_value(n_spaces)
            for i in range(99):  # Not necessary, but we can have up to 100 header lines
                self.send_header("Set-Cookie", value)
            self.end_headers()

    if __name__ == "__main__":
        HTTPServer(("", 44020), Handler).serve_forever()

This server returns 99 Set-Cookie headers. Each has 65506 spaces.
Extracting the cookies will pretty much never complete.

Vulnerable client using the example at the bottom of
https://docs.python.org/3/library/http.cookiejar.html :

    import http.cookiejar, urllib.request
    cj = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
    r = opener.open("http://localhost:44020/")

The popular requests library was also vulnerable without any additional
options (as it uses http.cookiejar by default):

    import requests
    requests.get("http://localhost:44020/")

* Regression test for http.cookiejar REDoS

If we regress, this test will take a very long time.

* Improve performance of http.cookiejar.ISO_DATE_RE

A string like

"444444" + (" " * 2000) + "A"

could cause poor performance due to the 2 overlapping \s* groups,
although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was.

(cherry picked from commit 1b779bfb85)
2019-11-24 16:49:23 +01:00
Benjamin Peterson f32bcf8c27
[2.7] bpo-38730: Fix -Wstringop-truncation warnings. (GH-17075) 2019-11-07 07:06:28 -08:00
Serhiy Storchaka 493fef60a7
[2.7] bpo-38535: Fix positions for AST nodes for calls without arguments in decorators. (GH-16861). (GH-16931)
(cherry picked from commit 26ae9f6d3d)
2019-10-26 17:30:30 +03:00
Zackery Spytz 009a692872 bpo-37025: AddRefActCtx() shouldn't be checked for failure (GH-16897)
AddRefActCtx() does not return a value.
2019-10-23 11:15:55 -07:00
Serhiy Storchaka ccdfeb7e96
[2.7] bpo-38540: Fix possible leak in PyArg_Parse for "es#" and "et#". (GH-16869). (GH-16877)
(cherry picked from commit 5bc6a7c06e)
2019-10-21 21:40:30 +03:00
Benjamin Peterson c2f86d86e6 Empty blurb file for 2.7.17. 2019-10-19 11:38:44 -07:00
Benjamin Peterson 89dea46642 Roll up news for 2.7.17rc1. 2019-10-07 19:01:18 -07:00
Jason R. Coombs f5b1abbb3b [2.7] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16476)
Backporting this change, I observe a couple of things:

1. The _encode_request call is no longer meaningful because the request construction will implicitly encode the request using the default encoding when the format string is used (request = '%s %s %s'...). In order to keep the code as consistent as possible, I decided to include the call as a pass-through. I'd be just as happy to remove it entirely, but I'll leave that up to the reviewer to decide. It's okay that this functionality is disabled on Python 2 because this functionality was mainly around bpo-36274, which was mainly a concern with the transition to Python 3.
2. Because _encode_request is no longer meaningful, neither is the test for it, so I've removed that test. Therefore, the meaningful part of this test is that for bpo-38216, adding a (underscore-protected) hook to customize/disable validation.

(cherry picked from commit 7774d7831e)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
2019-10-07 19:00:01 -07:00
Benjamin Peterson e7e58fe031
[2.7] bpo-37664: Update ensurepip bundled wheels, again (GH-16633)
(cherry picked from commit 10c452b894)

Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
2019-10-07 18:54:05 -07:00
Kirill Smelkov c5abd63e94 bpo-38106: Fix race in pthread PyThread_release_lock() (GH-16047)
Fix race in PyThread_release_lock that was leading to memory corruption and
deadlocks. The fix applies to POSIX systems where Python locks are implemented
with mutex and condition variable because POSIX semaphores are either not
provided, or are known to be broken. One particular example of such system is
macOS.

On Darwin, even though this is considered as POSIX, Python uses
mutex+condition variable to implement its lock, and, as of 2019-08-28, Py2.7
implementation, even though similar issue was fixed for Py3 in 2012, contains
synchronization bug: the condition is signalled after mutex unlock while the
correct protocol is to signal condition from under mutex:

  https://github.com/python/cpython/blob/v2.7.16-127-g0229b56d8c0/Python/thread_pthread.h#L486-L506
  https://github.com/python/cpython/commit/187aa545165d (py3 fix)

PyPy has the same bug for both pypy2 and pypy3:

  https://bitbucket.org/pypy/pypy/src/578667b3fef9/rpython/translator/c/src/thread_pthread.c#lines-443:465
  https://bitbucket.org/pypy/pypy/src/5b42890d48c3/rpython/translator/c/src/thread_pthread.c#lines-443:465

Signalling condition outside of corresponding mutex is considered OK by
POSIX, but in Python context it can lead to at least memory corruption if we
consider the whole lifetime of python level lock. For example the following
logical scenario:

      T1                                          T2

  sema = Lock()
  sema.acquire()

                                              sema.release()

  sema.acquire()
  free(sema)

  ...

can translate to the next C-level calls:

      T1                                          T2

  # sema = Lock()
  sema = malloc(...)
  sema.locked = 0
  pthread_mutex_init(&sema.mut)
  pthread_cond_init (&sema.lock_released)

  # sema.acquire()
  pthread_mutex_lock(&sema.mut)
  # sees sema.locked == 0
  sema.locked = 1
  pthread_mutex_unlock(&sema.mut)

                                              # sema.release()
                                              pthread_mutex_lock(&sema.mut)
                                              sema.locked = 0
                                              pthread_mutex_unlock(&sema.mut)

                      # OS scheduler gets in and relinquishes control from T2
                      # to another process
                                              ...

  # second sema.acquire()
  pthread_mutex_lock(&sema.mut)
  # sees sema.locked == 0
  sema.locked = 1
  pthread_mutex_unlock(&sema.mut)

  # free(sema)
  pthread_mutex_destroy(&sema.mut)
  pthread_cond_destroy (&sema.lock_released)
  free(sema)

  # ...
  e.g. malloc() which returns memory where sema was

                                              ...
                      # OS scheduler returns control to T2
                      # sema.release() continues
                      #
                      # BUT sema was already freed and writing to anywhere
                      # inside sema block CORRUPTS MEMORY. In particular if
                      # _another_ python-level lock was allocated where sema
                      # block was, writing into the memory can have effect on
                      # further synchronization correctness and in particular
                      # lead to deadlock on lock that was next allocated.
                                              pthread_cond_signal(&sema.lock_released)

Note that T2.pthread_cond_signal(&sema.lock_released) CORRUPTS MEMORY as it
is called when sema memory was already freed and is potentially
reallocated for another object.

The fix is to move pthread_cond_signal to be done under corresponding mutex:

  # sema.release()
  pthread_mutex_lock(&sema.mut)
  sema.locked = 0
  pthread_cond_signal(&sema.lock_released)
  pthread_mutex_unlock(&sema.mut)

To do so this patch cherry-picks thread_pthread.h part of the following 3.2 commit:

commit 187aa54516
Author: Kristján Valur Jónsson <kristjan@ccpgames.com>
Date:   Tue Jun 5 22:17:42 2012 +0000

    Signal condition variables with the mutex held.  Destroy condition variables
    before their mutexes.

 Python/ceval_gil.h      |  9 +++++----
 Python/thread_pthread.h | 15 +++++++++------
 2 files changed, 14 insertions(+), 10 deletions(-)

(ceval_gil.h is Python3 specific and does not apply to Python2.7)

The bug was there since 1994 - since at least [1]. It was discussed in 2001
with original code author[2], but the code was still considered to be
race-free. In 2010 the place where pthread_cond_signal should be - before or
after pthread_mutex_unlock - was discussed with the rationale to avoid
threads bouncing[3,4,5], and in 2012 pthread_cond_signal was moved to be
called from under mutex, but only for CPython3[6,7].

In 2019 the bug was (re-)discovered while testing Pygolang[8] on macOS with
CPython2 and PyPy2 and PyPy3.

[1] https://github.com/python/cpython/commit/2c8cb9f3d240
[2] https://bugs.python.org/issue433625
[3] https://bugs.python.org/issue8299#msg103224
[4] https://bugs.python.org/issue8410#msg103313
[5] https://bugs.python.org/issue8411#msg113301
[6] https://bugs.python.org/issue15038#msg163187
[7] https://github.com/python/cpython/commit/187aa545165d
[8] https://pypi.org/project/pygolang

(cherry picked from commit 187aa54516)

Co-Authored-By: Kristján Valur Jónsson <kristjan@ccpgames.com>
2019-10-03 09:06:52 +02:00
Dong-hee Na 8eb64155ff [2.7] bpo-38243: Escape the server title of DocXMLRPCServer (GH-16447)
Escape the server title of DocXMLRPCServer.DocXMLRPCServer
when rendering the document page as HTML.
2019-10-01 12:58:00 +02:00
Jesús Cea 598f676880
[2.7] bpo-38301: In Solaris family, we must be sure to use '-D_REENTRANT' (GH-16446). (#16454)
(cherry picked from commit 52d1b86bde)

Co-authored-by: Jesús Cea <jcea@jcea.es>
2019-09-28 05:09:24 +02:00
Benjamin Peterson e73b93ab3e
[2.7] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16408)
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes..
(cherry picked from commit 52b9408038)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
2019-09-25 21:49:04 -07:00
Serhiy Storchaka be257bcad1
[2.7] bpo-38175: Fix a memory leak in comparison of sqlite3.Row objects. (GH-16155). (GH-16215)
(cherry picked from commit 8debfa5040)
2019-09-17 09:56:27 +03:00
Miss Islington (bot) 5d55d52b61
bpo-33936: Don't call obsolete init methods with OpenSSL 1.1.0+ (GH-16140)
``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``.

https://bugs.python.org/issue33936
(cherry picked from commit 724f1a5723)

Co-authored-by: Christian Heimes <christian@python.org>
2019-09-16 12:48:21 -07:00
Steve Dower d8903416d2
bpo-38117: Updates bundled OpenSSL to 1.0.2t (GH-16178) 2019-09-16 13:07:40 +01:00
Ned Deily 8dd358caf0
bpo-38117: Updated OpenSSL to 1.0.2t in macOS installer for 2.7.x. (GH-16171) 2019-09-16 04:35:55 +01:00
Roberto C. Sánchez 4cbcd2f8c4 [2.7] bpo-34155: Dont parse domains containing @ (GH-13079) (GH-16006)
This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address. 

(cherry picked from commit 8cb65d1381)

Excludes changes to Lib/email/_header_value_parser.py, which did not
exist in 2.7.

Co-authored-by: jpic <jpic@users.noreply.github.com>


https://bugs.python.org/issue34155
2019-09-14 10:26:38 -07:00
Alexandru Ardelean 0d63669e52 [2.7] bpo-35264: Modules/_ssl.c: fix build with OpenSSL 1.1.0 (GH-10570)
Fixes a build error with OpenSSL 1.1.0. There is already code in the
`_ssl.c` that handles all the weird cases of the NPN config macros (with
various OpenSSL & LibreSSL versions).
That code will provide a HAVE_NPN variable, which should be used in the
rest of the code to check whether (or what) to compile regarding NPN.

This change adds HAVE_NPN in the remaining places where it should have been
placed.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>


https://bugs.python.org/issue35264
2019-09-11 10:23:28 -07:00
Zackery Spytz 289c5ea773 bpo-37445: Include FORMAT_MESSAGE_IGNORE_INSERTS in FormatMessageW() calls (GH-15822)
If FormatMessageW() is passed the FORMAT_MESSAGE_FROM_SYSTEM flag
without FORMAT_MESSAGE_IGNORE_INSERTS, it will fail if there are
insert sequences in the message definition.
(cherry picked from commit a656365)
2019-09-11 10:39:34 +01:00
Serhiy Storchaka 2fb6921ab2
[2.7] bpo-34410: Fix a crash in the tee iterator when re-enter it. (GH-15625) (GH-15740)
RuntimeError is now raised in this case.
(cherry picked from commit 526a01467b)
2019-09-09 12:38:05 +03:00
Miss Islington (bot) 0229b56d8c
closes bpo-37965: Fix compiler warning of distutils CCompiler.test_function. (GH-15560)
https://bugs.python.org/issue37965

https://bugs.python.org/issue37965

Automerge-Triggered-By: @benjaminp
(cherry picked from commit 55aabee075)

Co-authored-by: Anonymous Maarten <madebr@users.noreply.github.com>
2019-08-28 10:36:18 -07:00
Victor Stinner c364221909
bpo-34521: Fix FD transfer in multiprocessing on FreeBSD (GH-15422)
Fix file descriptors transfer in multiprocessing on FreeBSD: use
CMSG_SPACE() rather than CMSG_LEN(); see RFC 3542.
2019-08-23 14:00:38 +01:00
Miss Islington (bot) 53639dd55a
closes bpo-37675: Use pkgutil.iter_modules to find fixers in a package rather than listdir. (14942)
(cherry picked from commit 93e8aa62cf)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
2019-07-24 16:59:31 -07:00
Miss Islington (bot) dd3862e167 bpo-37487: Fix PyList_GetItem index description. (GH-14623) (GH-14626)
0 is a legal index.
(cherry picked from commit f8709e804d)

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2019-07-06 17:55:41 -04:00
Miss Islington (bot) 55270d09c2
bpo-37149: Replace dead link for online Tkinter reference (GH-14616)
Also fix a name misspelling.
(cherry picked from commit 45bc61b971)

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2019-07-06 00:04:53 -07:00
Ned Deily da7f6dbbf5
bpo-19960: Fix building of zlib on macOS without installed headers (GH-14257)
When building 2.7 on macOS without system header files installed in
``/usr/include``, a few extension modules dependent on system-supplied
third-party libraries were not being built, most notably zlib.
This situation arose in the past when building without the Command
Line Tools and the option to install header files in the traditional
system locations (like /usr/include).  As of macOS 10.14, the
header files are only available in an SDK so the problem addressed
here affects most 2.7 builds.
2019-07-01 19:15:09 -04:00
Victor Stinner 065aff3c51
[2.7] bpo-37329: valgrind: ignore _PyWarnings_Init false alarms (GH-14202)
_PyWarnings_Init() only allocates memory once at startup but it is
not released at exit. Ignore this issue to be able to catch other
bugs more easily.
2019-06-28 18:13:33 +02:00
Miss Islington (bot) 4397c68663
closes bpo-37437: Update vendorized expat to 2.2.7. (GH-14436)
(cherry picked from commit 3b03b09fc9)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
2019-06-27 21:24:52 -07:00
Miss Islington (bot) dfa9499ccb [2.7] bpo-37411: Rewrite test_wsgiref.testEnviron() (GH-14394) (GH-14404)
Fix test_wsgiref.testEnviron() to no longer depend on the environment
variables (don't fail if "X" variable is set).

testEnviron() now overrides os.environ to get a deterministic
environment. Test full TestHandler.environ content: not only a few
selected variables.
(cherry picked from commit 5150d32792)

Co-authored-by: Victor Stinner <vstinner@redhat.com>
2019-06-26 22:54:27 +02:00
animalize 0fc14b3733 bpo-35360: Update Windows builds to use SQLite 3.28.0 (GH-14182) 2019-06-24 16:27:03 -07:00
Victor Stinner 9d55bf440c
bpo-37359: Add --cleanup option to python3 -m test (GH-14332) (GH-14333)
* regrtest: Add --cleanup option to remove "test_python_*" directories
  of previous failed test jobs.
* Add "make cleantest" to run "python -m test --cleanup".

(cherry picked from commit 47fbc4e45b)
2019-06-24 13:21:18 +02:00
Victor Stinner adcdb1e4f5
bpo-37362: test_gdb now ignores stderr (GH-14287) (GH-14297)
test_gdb no longer fails if it gets an "unexpected" message on
stderr: it now ignores stderr. The purpose of test_gdb is to test
that python-gdb.py commands work as expected, not to test gdb.

(cherry picked from commit e56a123fd0)
2019-06-21 23:58:53 +02:00
Ned Deily c421c66a58
bpo-36231: Support building on macOS without /usr/include (GH-13773) (GH-14256) 2019-06-20 01:59:54 -04:00
Ned Deily a5b1b22207
bpo-34631: Updated OpenSSL to 1.0.2s in macOS installer. (GH-14198) 2019-06-18 06:48:53 -04:00
animalize 373dace8d7 [2.7] bpo-35360: Update macOS installer to use SQLite 3.28.0 (GH-14183) 2019-06-18 05:59:53 -04:00
Steve Dower d8e3a8af77
bpo-34631: Updated OpenSSL to 1.0.2s in Windows installer (GH-14161) 2019-06-17 09:33:11 -07:00
Xtreak ee15aa2b85 [2.7] bpo-35647: Fix path check in cookiejar. (GH-11436) (GH-13427) 2019-06-15 19:29:29 +03:00
Xtreak 979daae300 [2.7] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (GH-13426)
This is a manual backport of ca7fe50635 since 2.7 has `http.cookiejar` in `cookielib`


https://bugs.python.org/issue35121
2019-06-15 08:29:43 -07:00
Victor Stinner 2b578479b9
[2.7] bpo-36742: Fix urlparse.urlsplit() error message for Unicode URL (GH-13937)
If urlparse.urlsplit() detects an invalid netloc according to NFKC
normalization, the error message type is now str rather than unicode,
and use repr() to format the URL, to prevent <exception str() failed>
when display the error message.
2019-06-11 12:45:35 +02:00
Dimitri John Ledkov 99b5c940d3 [2.7] bpo-34836: fix test_default_ecdh_curve, needs no tlsv1.3. (GH-9626)
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

https://bugs.python.org/issue34836
2019-06-09 15:44:57 +10:00
Zackery Spytz 2bfc2dc214 [2.7] bpo-37170: Fix the cast on error in PyLong_AsUnsignedLongLongMask() (GH-13860) (GH-13898)
(cherry picked from commit dc2476500d)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2019-06-07 18:22:56 +02:00
Tal Einat 1b57ab5c64
[2.7] bpo-37177: make IDLE's search dialogs transient (GH-13869)
This avoids the search dialogs being hidden behind the editor window.

(cherry picked from commit 554450fb4e)
2019-06-07 09:53:05 +03:00
Miss Islington (bot) bfc1f60560 [2.7] bpo-12639: msilib.Directory.start_component() fails if *keyfile* is not None (GH-13688)
* bpo-12639: msilib.Directory.start_component() fails if *keyfile* is not None (GH-13688)

msilib.Directory.start_component() was passing an extra argument to CAB.gen_id().
(cherry picked from commit c8d5bf6c3f)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2019-05-31 15:39:39 -07:00
Tony Flury 09ba83330b [2.7] bpo-33006 - Correct filter doc string to clarify 2nd argument can be iterable (GH-6015)
https://bugs.python.org/issue33006
2019-05-28 18:36:04 -07:00
Victor Stinner 80dfe99016
bpo-26423: Fix possible overflow in wrap_lenfunc() (GH-13606) (GH-13625)
Fix possible overflow in wrap_lenfunc() when
sizeof(long) < sizeof(Py_ssize_t) (e.g., 64-bit Windows).

(cherry picked from commit 05f16416d9)
2019-05-28 17:23:07 +02:00
Victor Stinner d9d1045837
bpo-35907: Clarify the NEWS entry (GH-13557) 2019-05-24 23:28:56 +02:00